I was looking to set up virtual MFA for an IAM user via the CLI and came across an example on the reference site given below. The example on the reference site uses QRCodePNG. I wanted to use the Base32StringSeed option to check how it works.
The following command creates a virtual MFA device with the name VijaiMFADevice and writes the seed string to a file called mfa-out.
Keep in mind that this CLI command has a bootstrap method option of either QRCodePNG or Base32StringSeed. I have chosen Base32StringSeed as the example.
Please ensure the AWS CLI is properly configured for your account before you execute the commands. AWS CLI Configure
aws iam create-virtual-mfa-device
vijai@vijai-lx:~/AWS$ aws iam create-virtual-mfa-device \
--virtual-mfa-device-name VijaiMFADevice --outfile mfa-out \
--bootstrap-method Base32StringSeed
VIRTUALMFADEVICE arn:aws:iam::636XXXXXXX:mfa/VijaiMFADevice
- Now the mfa-out file has the Base32 string.
- Open Google Authenticator and add a new account with the + sign
- Choose “Enter Provided Key”
- This will ask for new account name and “Your Key”
- Please input the whole string from mfa-out as the key.
- Note down 2 consecutive numbers from Google Authenticator
- Use the following AWS CLI command to set up MFA token sync.
vijai@vijai-lx:~/AWS$ aws iam enable-mfa-device --user-name vijai@XXXXX \
--serial-number "arn:aws:iam::63XXXXXXXXX:mfa/VijaiMFADevice" \
--authentication-code1 12345 \
--authentication-code2 12345
That’s it.
You have enabled virtual MFA for your IAM account. Now, if you log in to the console, you will be asked for an MFA token.
Reference site
https://typicalrunt.me/2018/05/26/enabling-an-aws-iam-mfa-via-cli/